When you step inside Cloudflare's San Francisco office, the first thing you notice is a wall of lava lamps. Visitors often stop to take selfies, but the peculiar installation is more than an artistic statement; it's an ingenious security tool.
The changing patterns created by the lamps' floating blobs of wax help Cloudflare encrypt internet traffic. The idea was hatched over a weekend in 2013, when company CEO Matthew Prince and CTO John Graham-Cumming were discussing ways to generate random numbers. Random numbers have a variety of uses in cybersecurity and play a crucial role in things such as creating passwords and cryptographic keys. Since computers are not particularly good at generating randomness, Prince and Graham-Cumming decided to try harnessing it through a physical process.
"Matthew [Prince] said, 'Why don't we set up a bunch of lava lamps in our office and use them as a random number generator?,'" Graham-Cumming remembers. "And I was like, 'Oh, that's a great idea! Let's just do it!'"
Their project drew inspiration from Lavarand, a random number generator patented in 1996 that utilized a lava lamp with a camera pointed at it. The photos taken of the object by the camera were each made unique by the moving blobs. The images were then turned into random numbers.
Lava lamps are a good source of physical entropy, because the movement of the wax blobs follows the complex laws that govern fluid mechanics. The wax is heated by a light bulb at the base of the lamp. As it grows hotter, it becomes less dense and slowly rises to the top. When a blob reaches the peak, it cools and becomes denser, falling back down to the bottom, where it reheats and repeats the process.
Cloudflare's Wall of Entropy, as it's known, uses not one but 100 lamps, their randomness increased by human movement. "Anybody getting a selfie adds to the randomness," Graham-Cumming says. "If somebody walks in front of the lava lamps, there's more random motion." Another source of randomness comes from changing light conditions, as well as image sensors within a camera that produce noise — even if two photos appear to be similar, individual camera noise makes them different in imperceptible ways.
Cloudflare also uses additional sources of physical entropy to create randomness for its servers. "In London, we have this incredible wall of double pendulums, and in Austin, Texas, we have these incredible mobiles hanging from the ceiling and moving with air currents," Graham-Cumming says. Cloudflare's office in Lisbon will soon feature an installation "based on the ocean."
In these cases, images of lava lamps, pendulums, and the "suspended rainbows" used in the Austin office are hashed and serve as input for a key derivation function (KDF), which is used to generate a so-called randomness seed — a value that is truly random and can be utilized as a starting point for a chain of values created by a cryptographically secure pseudorandom number generator (CSPRNG).
Cloudflare's clever entropy pool is used not out of a lack of trust in Linux's default random number generator, but as a precautionary measure, acting as an extra layer of security. "All of our machines have random number generators in them, and they generate random numbers in some way that we can use for the purposes of cryptography," Graham-Cumming says. "What we do is, we want to start that process off in some way that itself is not predictable."
Physical Sources of Entropy
Initiatives like the Wall of Entropy (which gained pop culture notoriety when it was featured in an episode of police procedural TV series NCIS) are a clever way of using real-world randomness for computer security. But the idea of relying on physical entropy sources is not unique. In the past century, engineers and computer scientists have explored various ways of using natural phenomena to generate randomness.
One of the first machines to harness the randomness of nature was ERNIE, or Electronic Random Number Indicator Equipment. This random number generating hardware was built in 1956 for deciding winners of a bond lottery issued by the UK government. ERNIE generated randomness by using the noise produced by a series of neon cold-cathode tubes.
Here is a video of how ERNIE worked.
Other projects leverage atmospheric noise that is mostly caused by lightning discharges during thunderstorms. Random.org, for example, captures atmospheric noise in the form of radio static. Random.org was created in 1997 by computer scientist Mads Haahr and his friends, who wanted to generate true randomness for an online gambling website they were creating. They did this by using a $10 Radio Shack radio with no noise filter. The resulting radio static is itself a form of entropy. Haahr says the group now has several radio receivers in different countries that are tuned between stations.
Randomness also can come from surprising places and people, like a project involving rolling dice started by Mira Modi at the age of 11. Modi used a well-known method for generating passphrases, called Diceware, which was developed by Arnold G. Reinhold. Modi rolled a die five times and wrote down each number say 45621. Then, she matched that five-digit number to the corresponding word found in the Diceware dictionary, in this case "pixel." She repeated the process six times to create a passphrase made of six words, ending up with something like "pixel album when golf errand madman." Modi would then write this passphrase on a piece of paper and send it to her client using the US Postal Service.
New Sources of Randomness
Physical random number generations can be based on any chaotic process in nature, including radioactive decay, chaos in laser emission, or pulsars. These initiatives are all exciting and ingenious, but more recent developments in the field push the needle even further.
One such example is the League of Entropy, a collective project that relies on Cloudflare's lava lamps alongside other sources of entropy.
One day in 2018, a group of researchers, academics, and engineers gathered in a small room to attend a talk by Nicolas Gailly on drand, a distributed randomness beacon daemon written in Golang.
"We were all sitting in that room, being presented with this great system to turn a bunch of mutually untrusting parties into a network able to act as a trusted source of public randomness in a verifiable way," says Yolan Romailler, chief cryptographer at Randamu and maintainer of drand. "Back then, there were no good public, verifiable randomness projects out there."
After the presentation, a few of the group went for lunch in one of the university canteens.
"Nick Sullivan, at Cloudflare at that time, was super pumped by this idea: We could launch the first public service to provide proper public verifiable randomness for anybody to use for free, and it wouldn't require too much resources," Romailler says. "We all agreed the internet really needed a public randomness service, just like it has free NTP servers, to provide everyone with precise time information. And just like that, Nick started the motion that led to the launch of the League of Entropy in 2019."
Initially, the decentralized service had eight independent globally distributed beacons — "a consortium of universities, industrial partners, and other organizations working together to provide randomness for anyone to use," says Romailler.
Sparkling rainbows in Austin. Source: Cloudflare
Each organization had its own sources of entropy. Cloudflare came up with its lava lamp project, but others developed equally creative solutions. The University of Chile, for instance, added seismic measurements to the mix, while the Swiss Federal Institute of Technology used the local randomness generator present on every computer at /dev/urandom, meaning that it relied on things like keyboard presses, mouse clicks, and network traffic to generate randomness. Kudelski Security, the company Romailler worked for at that time, used a CRNG (cryptographic random number generator) based on the ChaCha20 stream cipher.
This project has since grown, and today around 20 organizations are involved. "All of them are running a drand node out of goodwill, for free, convinced the internet needs a source of public randomness as a public good," Romailler says.
The League operates two mainnet networks with roughly 23 nodes split across the globe, all collaborating. Romailler adds that the project is highly secure — it would require 12 malicious nodes for it to stop unwillingly or to malfunction.
"Interestingly, the pairing-based cryptography we are relying on guarantees us that a threshold amount of malicious parties still wouldn't be able to bias future results, only to predict them," he says.
"We cannot really talk about the entropy of the League, but we can say it provides 128 bits of security, meaning it would take roughly 2128 computing operations to break it."
With each passing year, the project becomes bigger and better. In 2023, the League added timelock encryption, another tool that can be used free of charge, which allows users to encrypt a message that can be read only at a specific time in the future.
At the moment, the League of Entropy serves more than 1.5 billion requests per month, and supports a wide array of projects that depend on drand for randomness. According to Romailler, the service is used by Filecoin, several Web3 games, and an NGO in Sierra Leone that needs to select recipients of universal basic income.
It's things like these that make Romailler and his peers feel that their work matters and that the project needs to be taken further, perhaps incorporating more peculiar sources of entropy, such as Cloudfare's lava lamps.
"We believe the League should ideally be made of 50 to 100 organizations that are well known and have a good reputation of trying to improve the Internet's future," he says. "This kind of scale would allow us to strike a good balance between the performance and trustworthiness of the League."